VMware Appliance (OVA) enhancements #387

Open
tsugliani opened this issue Mar 16, 2024 · 4 comments

@tsugliani

Hi gents,

It would be amazing to add, to the available OVF properties, the ability to set up the appliance root password AND set up an SSH key too. (If those are not set, just use the current default password so it doesn't change the current behavior.)

This feature is provided by many appliances these days, and would be a great addition :-)

I do this on my packer templates too for reference: https://github.com/tsugliani/packer-alpine

OVF properties: https://github.com/tsugliani/packer-alpine/blob/main/files/customization.sh#L32-L33
Related Code: https://github.com/tsugliani/packer-alpine/blob/main/files/customization.sh#L85-L96

Thanks in advance,

@rschitz
Member

rschitz commented Mar 16, 2024

Hi Timo, thanks for your feedback. We can add this feature for sure ;)

@rschitz
Member

rschitz commented Mar 16, 2024

@tsugliani I'm not comfortable keeping passwords and SSH keys in the OVF props like in this example:
[image]
What's your feeling on this?

@tsugliani
Author

The password is not shown in the vCenter UI/API with the ovf:password="true" setting in the OVF envelope for this property (the only way to fetch it would be to access the VC DB, but at that stage, you are already compromised pretty badly).

For the SSH public key, that is meant to be public, so not sure why that is a problem?

You could use the same setting as the password above for the ssh key so it doesn't appear in the UI/API if that feels like an issue.

Even GitHub/GitLab shares your public keys, for example my registered one is here:

❯ curl https://api.github.com/users/tsugliani/keys
[
  {
    "id": 71752143,
    "key": "ssh-rsa ..."
  },
  {
    "id": 84987101,
    "key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID5P8euZ0NGqx4xtaL/cV3f45KD2p5mbz29I8wUFAhUv"
  }
]

Hope this makes sense.
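
As an added example (not from the issue or from the project), a small Python check that scans an OVF descriptor for password-like properties missing the ovf:password="true" attribute discussed above. The property keys, the name heuristic and the sample descriptor are constructed assumptions.

```python
import xml.etree.ElementTree as ET

OVF_NS = "http://schemas.dmtf.org/ovf/envelope/1"
# Assumption: a simple naming heuristic for properties that carry secrets.
SENSITIVE_HINTS = ("password", "passwd", "secret", "token")

# Constructed sample descriptor; all property keys are hypothetical.
SAMPLE_OVF = """
<Envelope xmlns="http://schemas.dmtf.org/ovf/envelope/1"
          xmlns:ovf="http://schemas.dmtf.org/ovf/envelope/1">
  <VirtualSystem ovf:id="appliance">
    <ProductSection>
      <Property ovf:key="guestinfo.root_password" ovf:type="string"
                ovf:userConfigurable="true" ovf:password="true"/>
      <Property ovf:key="guestinfo.admin_password" ovf:type="string"
                ovf:userConfigurable="true"/>
      <Property ovf:key="guestinfo.ssh_public_key" ovf:type="string"
                ovf:userConfigurable="true"/>
    </ProductSection>
  </VirtualSystem>
</Envelope>
"""


def _attr(element, name, default=None):
    """Read an OVF attribute, accepting the namespaced or the bare form."""
    return element.get(f"{{{OVF_NS}}}{name}", element.get(name, default))


def audit_properties(ovf_xml):
    """Return (key, is_masked, looks_sensitive) for every Property element."""
    root = ET.fromstring(ovf_xml)
    rows = []
    for prop in root.iter(f"{{{OVF_NS}}}Property"):
        key = _attr(prop, "key", "")
        masked = _attr(prop, "password", "false").strip().lower() == "true"
        sensitive = any(hint in key.lower() for hint in SENSITIVE_HINTS)
        rows.append((key, masked, sensitive))
    return rows


def unmasked_secrets(ovf_xml):
    """Keys that look like secrets but are not marked ovf:password="true"."""
    return [k for k, masked, sensitive in audit_properties(ovf_xml)
            if sensitive and not masked]


if __name__ == "__main__":
    for key in unmasked_secrets(SAMPLE_OVF):
        print(f'{key}: add ovf:password="true" to this Property')
```

The SSH public key property is deliberately not flagged, since the key is meant to be public.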

@rschitz
Copy link
Member

rschitz commented Mar 17, 2024

Didn't know about the hidden password setting and you're right, we don't care about public keys, I'm too paranoid :D
Thanks
